<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->


<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!DOCTYPE html
  PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="zh-cn" xml:lang="zh-cn">
<head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="DC.Type" content="topic">
<meta name="DC.Title" content="替换DeviceManager证书">
<meta name="product" content="">
<meta name="DC.Relation" scheme="URI" content="zh-cn_topic_0000001583029352.html">
<meta name="prodname" content="">
<meta name="version" content="">
<meta name="brand" content="防勒索">
<meta name="DC.Publisher" content="20220629">
<meta name="DC.Format" content="XHTML">
<meta name="DC.Identifier" content="ZH-CN_TOPIC_0000001633149057">
<meta name="DC.Language" content="zh-cn">
<link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
<title>替换DeviceManager证书</title>
</head>
<body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px"><a name="ZH-CN_TOPIC_0000001633149057"></a><a name="ZH-CN_TOPIC_0000001633149057"></a>

<h1 class="topictitle1">替换DeviceManager证书</h1>
<div id="body8662426"><p id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_p7956145411484">外部的客户端和存储设备通信的场景。在此场景中，存储设备为服务端，外部网管工具为客户端。此场景中，证书必须导入，CA证书可选导入。</p>
<div class="section" id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_section432918341424"><h4 class="sectiontitle">背景信息</h4><ul id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_ul166928371327"><li id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li269223711218">设备管理证书场景，服务端存在默认的证书，不支持证书吊销列表。</li><li id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li7521174516218">为进一步提升设备管理证书场景链路的安全性，建议将网管工具客户端和存储设备服务端的默认安全证书及私钥替换为自己的安全证书及私钥。</li></ul>
</div>
<div class="section" id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_section1213016116513"><h4 class="sectiontitle">操作步骤</h4><ol id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_ol03438685117"><li id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li1838765965811"><span>获取证书请求文件及对应的私钥。</span><p><div class="p" id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_p1284510599582">支持以下两种方式：<ul class="subitemlist" id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_ul149568549482"><li id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li695614548487">通过DeviceManager界面将设备管理证书场景的证书请求文件导出，此时在存储设备上生成对应的私钥并保存到数据库中。<p class="subitemlist" id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_p1132313685915"><a name="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li695614548487"></a><a name="zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li695614548487"></a>具体操作可参考<a href="zh-cn_topic_0000001633268429.html#ZH-CN_TOPIC_0000001633268429__zh-cn_topic_0000001506145385_zh-cn_topic_0000001263453192_li09558541489">通过DeviceManager界面导出请求文件</a>。</p>
</li><li id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li4956654134818">使用OpenSSL工具生成明文私钥及证书请求文件。<p id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_p17956115419484"><a name="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li4956654134818"></a><a name="zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li4956654134818"></a>具体的操作步骤请参见<a href="zh-cn_topic_0000001633268429.html#ZH-CN_TOPIC_0000001633268429__zh-cn_topic_0000001506145385_zh-cn_topic_0000001263453192_li1695585410483">使用OpenSSL工具生成明文私钥及证书请求文件</a>。</p>
</li></ul>
</div>
</p></li><li id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li149564542489"><span>将导出的证书请求文件发送到第三方CA中心进行签名或者使用企业自己的根证书进行签名，得到证书和CA证书。</span><p><p class="litext" id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_p99565546480">常见的第三方CA中心简介请参见<a href="zh-cn_topic_0000001633268429.html#ZH-CN_TOPIC_0000001633268429__zh-cn_topic_0000001506145385_zh-cn_topic_0000001263453192_table60705275">表2</a>。</p>
</p></li><li id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li512911282519"><span>导入证书文件。</span><p><ul id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_ul1670862485110"><li id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li070862485116">如果证书请求是通过DeviceManager界面导出生成的，则将签名得到的证书导入到存储设备。</li><li id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_li11708162415519">如果证书请求是使用OpenSSL工具生成的，则需要将明文私钥文件和签名后的证书通过DeviceManager界面导入到存储设备。</li></ul>
<p id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_p1967853211596">导入证书的具体操作可参考<a href="zh-cn_topic_0000001633268429.html#ZH-CN_TOPIC_0000001633268429__zh-cn_topic_0000001506145385_zh-cn_topic_0000001263453192_li775722792914">3</a>。其中，勾选<span class="uicontrol" id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_uicontrol11612830134717">“管理平面域认证证书”</span>改为勾选<span class="uicontrol" id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_uicontrol20647132615393">“DeviceManager证书”</span>。</p>
</p></li></ol>
</div>
<p id="ZH-CN_TOPIC_0000001633149057__zh-cn_topic_0000001456305628_zh-cn_topic_0000001506049989_p8060118"></p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>父主题：</strong> <a href="zh-cn_topic_0000001583029352.html">替换存储设备证书</a></div>
</div>
</div>

<div class="hrcopyright"><hr size="2"></div><div class="hwcopyright">版权所有 &copy; 华为技术有限公司</div></body>
</html>